Bypassing SMTP and POP block

[Und3ertak3r]

Hi Guys,

I have been trying to sus this out most of the evening.
Where I have just started things are a bit disorganised.. little details, like passwords for Admin, VOIP Admin, and basic network config are still to be supplied.. that and My weakest areas of skill is where I have been in greatest demand.. thats life..

The problem I have.. I have number of Sub-contractors who wish to acces their companies email.. but.. it appears that atleast ports 25 and 110 are blocked ie smtp and POP access.. for some of these guys its ok they can use yahoo/google/(yetch) MSN etc.. one company has a webmail setup.. I had been instructed by one of City Admins to tell them to use Mail2Web
Problem is A couple of the noisest contractors - and more valuable to the project.. want/demand to be able to use their email client software.. these old roosters are bloody good at their job of knowing their steel and how to weld it.. but need super hand holding in front of a PC..

So my list of possable solutions to the blocked Ports.. Proxy the connection.. I know the co has had proxy connectins for clients.. I have never used a proxy for anything.. is this reliable?
is there such a thing as a SMTP/POP Proxy?

As commented .. further encourage the use of a email to Web mail server

Talk the Admins for the MAilservers to change their SMTP and POP ports.. prob here is I Know one (OZ's big one) will not comply....

Other solution.. I havent approached..

Ideas here to help me to take submissions to respective Admins tomorrow will be helpful..

BTW: I am only on the site a day a week at the moment.. but the issue seemed insignificant last week, but is serious this week.. I wont be letting this go to many days..

Cheers

[SirDice]

I for one would never ever allow 3rd parties on my network with their own equipment.. I would give them an account and emailbox so they can logon and use our machines....

Simplest solution would be to create a seperate (small) LAN with their own Internet acces..

[cacosapo]

under: what about a http tunnel? Although i cant agree about these kind of software usage (can open a hole on the network) i think it will work for tunnelling outlook to access pop3/smtp servers.

some kind of tunne like this: http://www.htthost.com/faq.boa?question=mail

I've never tried with mail, but it works with instant messenger and other sock4 compliant software.

[Tiger Shark]

Can you not just unblock SMTP and POP to the relevant mail servers and leave them blocked to all others?

[spazzmatrix]

Are the emails being checked directly from a pop server or an exchange server?

Is this Intranet email or Internet email?

One thing I can think of is if they use email in the office have them setup a rule to forward email to an Internet Based account and check it through gmail/yahoo/hotmail.

Simple and sweet.

http://e-mailanywhere.com works great as well, No server info needed in most cases. However if they have 25/110 blocked it may not work.

[Und3ertak3r]

Thanks guys..

Been on the job for 2 days and am yet to be briefed on policies and network layout/profile etc.. While in many areas I just change location, in the most important areas I am still just finding my legs.

SirDice, yes I agree.. problem .. All our communications is via fiber direct to Brisbug, and with the exception of voice (ala VOIP), is then routed via Syd-vegas to dot-FR..there it pops to the net.. so if I logon to AO from Work I have a FR IP..
BTW: ATM those that need access to the network are allowed limited access in the Domain. the ppl in question only have internet access and access to printers..it is usually on our machines .. so I have the task of checking the safety of the machines

TS - I am stuck between the French HQ's Firewall and a Sub contractor about to throw an expensive tantrum. To the best of my knowledge I am not in a position to change firewall settings

My preference would be a mail to web service, but as I said the preference of the simple useres is their OLEXP and OL. I heard that some dont handle large attachments well. These guys have obviously had issues before

I made the recomendation of the regular web based services..Yahoo/MSN/Google.. not acceptable

cacosapo - I will check out your idea..

[alleyCat]

Originally posted here by Und3ertak3r
... A couple of the noisest contractors - and more valuable to the project.. want/demand to be able to use their email client software.. these old roosters are bloody good at their job of knowing their steel and how to weld it.. but need super hand holding in front of a PC..

I realise you said that they are demanding it, so I guess taking a stand and just saying no, citing security, cost and/or operational limits, is out of the question?

Sometimes when we are faced with more 'experienced' colleagues we think we need to bow to their every demand, but if this is going to cause more problems than it fixes (and you are the man with the keys...), then it might be best to stick to your guns... and say No.

Al.

[Tiger Shark]

Undies:

You are in the "shitty spot" right now.....

But.... Since you are stuck between the Frogs who control the FW and the contractor that has the "goods" it's the perfect time to palm it off "upwards". Two days in the job - no access to the "system" - pushy users = required users - all equals a management decision.... It certainly isn't yours since you don't have the power to effect any decision you might want to make....

Trot on up to the boss and tell him you have no access to the systems that would allow the contractors to do what they want to do and that the people that do won't alter their system to allow the contractors to do what they need to do.... Then step back and duck....

BTW, WTF are you doing working for a company where Frogs have any power..... Are you working for the UN????? 'Cos that has to be the only place anyone would allow them power.... They probably shouldn't be allowed electricity in the first place - problem solved....

[Nokia]

Nice answer TS.

Personally since they are contractors I would tell them that the company email/computers etc are for full time company employees only. They will have to use the nearest Internet Cafe if they want to check their email.

I had a similar prob a while ago, but I was in the position where I could configure the neccessary hardware/software to allow or deny it. I was about to do it but then realised that company employees sign a contract and are bound by the companies acceptable use policy when using the network and network resouces.

They know and aggree that their email/web surfing can and will be monitored. Your contractors may not have signed such a contract and if the find out your are monitoring what they are doing whilst online they could have some kind of claim againt you/your company, likewise if one of them somehow manages to download a virus/trojan that brings the network down etc (worse case i know but hey, its possible) you will have no come-backs unless they have agreed to your acceptable use policy.

My advise, if you can get away with it, tell them tough **** they will have to check their emails when they get home!

[Und3ertak3r]

They will have to use the nearest Internet Cafe if they want to check their email.

town is 50km away, and the email is for corp traffic..well that is the primary reason.. the wages meter in one room spins faster than a a turbo jets intake fan...

I was told it is a Swis co.. untill i sat in on a video conf.. bit like a scene out of a french version of Are You being Served...(nihil may be just able to remember that..the english version)